Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re^3: Executing a string as a Perl command

by ww (Archbishop)
on May 10, 2011 at 12:29 UTC ( #903971=note: print w/replies, xml ) Need Help??


in reply to Re^2: Executing a string as a Perl command
in thread Executing a string as a Perl command

  1. ...and your point (aside from the fact that your code prints "5") is...?
  2. ... and this is better than

    my $var1 = 5; print $var1;

    how?

Replies are listed 'Best First'.
Re^4: Executing a string as a Perl command
by ctilmes (Vicar) on May 16, 2011 at 10:48 UTC
    This short illustrative example has $cmd set inline, but in a real program, it could be constructed from other variables, it could be read from a user, it could be read from a file, etc.

    The question was simply how to get it to execute once it was set. The answer is eval.

      eval is the wrong answer since it can run arbitrary code

      If the user gives you some form of # rm -rf * ~ / , a lot of your files get deleted

        The OP said nothing about a user supplying the string. We pointed out that there are security concerns if you don't trust the string.

        If you want to run arbitrary code supplied by a 100% trusted source at runtime, what would you use other than eval?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://903971]
help
Chatterbox?
[Discipulus]: infact my tk client is unable to connect at the moment
[ambrus]: choroba: that doesn't matter, the cookies are independent on the webserver, they just have to contain your username and crypted password with a seed of the user's choice, you can change the hostname or even construct a cookie without asking the server
[ambrus]: choroba: and for perlmonks (but not for everything2), you don't even need a cookie, you can just send a username and password parameter in every request, and this is even documented in What XML generators are currently available on PerlMonks?
[holli]: i admire you choroba, if i had to work at such a place, i wouldn't last long. as bosses don't like if someone calls them clueless idiots
[ambrus]: (The cookie format is not documented anywhere afaik, but it's trivial to reverse engineer even without being a pmdev.)
[holli]: or "ignorant bricks" (that is not a typo)

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (11)
As of 2017-10-24 11:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My fridge is mostly full of:

















    Results (289 votes). Check out past polls.

    Notices?